* U.S. sees power grid as vulnerable to cyber-attacks
* White House leading review of cyber-security
* Chinese are "all over the place," former official says
By Steve Holland and Randall Mikkelsen
WASHINGTON, April 8 U.S. concerns about the
potential for cyber-attacks on critical infrastructure extended
to the American electrical power grid on Wednesday and experts
pointed the finger anew at Chinese hackers, among others.
As a result, electric utilities are likely to face new
pressures from the U.S. Congress and government regulators to
tighten security and preparations against computer intrusions
that would wreak widespread havoc.
U.S. Homeland Security Secretary Janet Napolitano told
reporters the power grid is vulnerable to potentially disabling
computer attacks, while declining to comment on reports that an
intrusion had taken place.
"The vulnerability is something that the Department of
Homeland Security and the energy sector have known about for
years," she said. "We acknowledge that ... in this world, in an
increasingly cyber world, these are increasing risks."
Napolitano spoke after The Wall Street Journal reported
that cyber-spies had penetrated the U.S. electrical grid and
left behind software programs that could be used to disrupt the
The Journal said the intruders have not sought to damage
the power grid or other key infrastructure but could try during
a crisis or war.
The United States for several years has accused the Chinese
and Russians, among others, of using cyber-attacks to try to
steal American trade secrets, military secrets and government
James Lewis, cyber-security analyst at the Center for
Strategic and International Studies, said Russia and China have
long been considered culprits in computer spying and that the
United States, France and Germany have all complained to China
"In four out of five cases we really can't be sure who's
doing it but in the (other) 20 percent it points very often to
China and Russia."
A former U.S. security official told Reuters that the
Chinese have been particularly active.
"They are all over the place," said the official, who spoke
on condition of anonymity. "They're getting into university
systems, contractor systems, hacking government systems.
There's no reason to think that the electrical system would be
immune as well."
Eric Rosenbach, executive director for research at Harvard
University's Kennedy School of Government's Belfer Center, said
that if true, it showed that the Chinese and Russians are
thinking strategically about how to either constrain the United
States or inflict more damage if they ever felt they needed to
"I think that China recognizes if in a very strategic sense
you want to ensure you have the ability to exploit another
country's potential weakness or vulnerability but do it in a
way that isn't confrontational or cause an international
crisis, then this is a very good way of doing that," he said.
President Barack Obama, aware of the concerns about the
vulnerability of infrastructure, has launched a cyber-review
that is expected to be completed in the coming weeks.
White House spokesman Nick Shapiro said the White House was
not aware of "any disruptions to the power grid caused by
deliberate cyber-activity here in the United States."
"The Department of Homeland Security works with industry to
identify vulnerabilities and to help industry enhance the
security of control system networks. The federal government is
also working to ensure that security is built in as we develop
the next generation of 'smart grid' networks," Shapiro said.
Mississippi Democratic Representative Bennie Thompson,
chairman of the House of Representatives Homeland Security
Committee, said he would introduce legislation to address the
grid's vulnerability to cyber-attack.
"Our electric system is critical to our way of life,and we
cannot afford to leave it vulnerable to attack," he said. "Our
oversight indicates there is a significant gap in current
regulation to effectively secure this infrastructure."
The United States is not alone. CIA analyst Tom Donahue
told a power-industry conference last year that "we have
information from multiple regions outside the United States, of
cyber-intrusion into utilities followed by extortion demands."
The North American Electric Reliability Corp, the industry
group with responsibility for grid reliability and security for
the United States and Canada, said it was unaware of any
cyber-attacks that have led to disruptions of electric service.
The group has been working for several years with the industry
to create and implement cyber-security measures.
American Electric Power Co (AEP.N) spokeswoman Melissa
McHenry said the utility long ago identified "numerous scans
and probes of our networks from external sources" and had put
in place a multilayered security system.
Still, she said, "We realize that there are no guarantees
that you can always be completely safe from a cyber-attack. We
continually monitor the effectiveness of our systems and seek
to enhance them."
(Additional reporting by David Alexander in Washington,
Michael Erman in New York and Eileen O'Grady in Houston;
Editing by Will Dunham and Bill Trott)